
class UserFilters {

  def filters = {
    all(controller: "(user|index)", action: "(login|authenticate|index|register|store)", invert: true) {
      before = {
        if (!session.user) {
          flash.message = "You need to be logged in"
          redirect(controller: "user", action: "login")
          return false;
        }
      }
      after = {
      }
      afterView = {
      }
    }

    user(controller: "user", action: "(edit|show|delete)") {
      before = {
        if (!session.admin && session.user && (session.user.id != params.id)) {
          flash.message = "you can only access your own profiles"
          params.id = session.user.id
        }
      }
    }
  }
}
